BMC Server Automation ports

The following sections list the ports used by the various components of BMC Server Automation:

Related topics

Overview

These ports are required for a basic BMC Server Automation installation. Your firewall must allow communication through these ports for the associated components to function.

Note

Before you install the BMC Server Automation Console, make sure that port 9998 (TCP) is not being used. Installation of the console requires use of this port. If the port is already in use, the installer shows a progress bar but exits before launching and the installation fails.

To define port numbers that differ from the defaults, use the BMC Server Automation Application Server console (the blasadmin utility) or use the BMC Server Automation Console (the Infrastructure Management window). For information about changing port numbers using the BMC Server Automation Console or the blasadmin utility, see Configuring communication ports.

Client ports

The following table lists the TCP/UDP ports used by the BMC Server Automation clients.

Port	Protocol	From	To	Notes
9840 (base + 40)¹	TCP	RCP (Client UI)	Authentication Service	Required port. This port is used for BMC Server Automation Console to Application Server communication, and is used in conjunction with the Java Management Extensions (JMX) port 9838 (by default) to authenticate the client AppSvcPort (port 9841 by default).
9841 (base + 41)¹	TCP	RCP (Client UI)	Application Server	Required port. Listening port for the Application Service (that is, the service that accepts client connections). If this value is set to 0, the Application Server does not run an Application Service. By default the Application Service runs and listens on port 9841.
9842 (base + 42)¹	TCP	NSH, Application Server	NSH Proxy	The listening port for a Network Shell Proxy Service. You must manually define a listening port for the default deployment of an Application Server. Typically, ProxySvcPort is set to 9842 for the default Application Server. When you deploy a new Application Server with its type set to NSH_PROXY or ALL, the ProxySvcPort is automatically set to the base port plus 42. You can modify this value if necessary. If this value is blank, the Application Server does not run a Network Shell Proxy Service.

¹ Application Server ports are normally configured from a base port, with 9800 being the default base port. A second Application Server on the same host will typically have a base port of 9900, and so on. Arbitrary port assignments can be made in all cases.

Application Server ports

The following table lists the TCP/UDP ports used by the BMC Server Automation application server.

Port	Protocol	From	To	Notes
25	SMTP (TCP)	Application Server	Mail Server	SMTP
161	SNMP (UDP)	Application Server		SNMP
162	SNMP (UDP)	Application Server		SNMPTRAP
1080	TCP	SOCKS client	SOCKS proxy	SOCKS Proxy protocol
1433	MS--SQL (TCP)	Application Server	SQL Server DB	Communication with the SQL database
1521	TNS (TCP)	Application Server	Oracle DB	Communication with the Oracle database.
9700	JMX (TCP)	`blasdmin` console	Application Server Launcher	Default RMI registry port used for JMX communication to the Application Server Launcher. In order to perform Application Server Launcher operations, each Application Server host must have access to this port on every other Application Server host.
9701	TCP	Application Server	Application Server Launcher	Default communications port used for Application Server communication with the Application Server Launcher. The traffic type is incoming messages. Each managed Application Server uses this port to notify the Application Server Launcher that the Application Server is up and in a ready state. This communication is all local traffic for this port.
9702	TCP	Console	Application Server Launcher	Default RMI execution port used for JMX communication to the Application Server Launcher. In order to perform Application Server Launcher operations, each Application Server host must have access to this port on every other Application Server host.
9836 (base + 36)¹	TCP	Application Server	RMI Registry	Required port. Listening port for traffic between Application Servers that cooperate by distributing jobs to each other This port is used in a multiple Application Server configuration for Application Server to Application Server communication. It is used in conjunction with the RMI Execution Port 9850+ (which is obtained from the MaxPort/MinPort range when the Application Server starts). This communication is used for various administration tasks, such as to pull Application Server statistics, coordinate job work item execution, update the remote heartbeat status, and so on.
9838 (base + 38)¹	TCP	Application Server	Jconsole or JMXCLI	Required port. JMX listener for Application Server
9850-9899 (MinPort-MaxPort)	TCP	Application Server	Application Server	RMI communication ports. The MinPort-MaxPort range is configurable, with 9850-9899 being the default for a single Application Server.
9843	HTTPS	Web client	Application Server	Web services port

¹ Application Server ports are normally configured from a base port, with 9800 being the default base port. A second Application Server on the same host will typically have a base port of 9900, and so on. Arbitrary port assignments can be made in all cases.

Provisioning server ports

The following table lists the TCP/UDP ports used by BMC Server Automation in provisioning.

Port	Protocol	From	To	Notes
67¹	DHCP (UDP)	PXE client	DHCP service	(Windows and Linux provisioning) For PXE discovery and image transfer. BOOTP/DHCP port – The port that the DHCP server listens on in order to process broadcasts and requests from bare metal target servers and to assign each a unique IP. The PXE boot broadcasts a DHCP request that includes PXE information. By default, the PXE Server binds to 67 UDP.
68	DHCP (UDP)	DHCP	PXE client	(Windows and Linux provisioning) BOOTP/DHCP port — A bare metal server listens on this port to receive the dynamic IP it has requested from the DHCP server. The server uses this IP to configure itself and access the network. Extended DHCP response to an initial extended DHCP request.
69	TFTP (TCP/UDP)	PXE client	TFTP Server	(Windows and Linux provisioning) Port used in provisioning for PXE discovery. The port on which the TFTP server listens. The bare metal target server downloads the initial boot image (the WinPE or gentoo image) over this port.
80	HTTP (TCP)	PXE client	PXE server	(Linux provisioning) Used for Linux PXE server. The port used to download Linux operating system files from the data store server. The bare metal target server uses this port to download the Linux operating system files from the data store that is running a web server (typically an Apache server).
445	SMB (TCP)	PXE client	PXE server	(Windows provisioning) Used for Windows PXE Servers. Samba over TCP -- File and printer sharing takes place over this port. The port is used when the WinPE image mounts a Samba share to transfer operating system files from the data store to the bare metal target server.
1433	MS-SQL (TCP)	PXE server	SQL Server DB	(Windows and Linux provisioning) The PXE/TFTP server communicates directly to the database server over this port to determine which boot image to provide to the bare metal target server.
1521	TNS (TCP)	PXE server	Oracle DB	Port that the database listens on. Typically, port 1521 is for an Oracle database. (Windows and Linux provisioning) The PXE/TFTP server communicates directly to the database server over this port to determine which boot image to provide to the bare metal target server.
4011	DHCP (UDP)	PXE client	PXE server	(Windows and Linux provisioning) The PXE server listens on this port for DHCPREQUESTS from bare metal target servers when they boot for the first time. When both the PXE service and the DHCP service reside on the same server, both services cannot listen on the same port. In that case, this port is effectively the proxy DHCP.
4750	RSCD (TCP)	Application Server	RSCD agent	(Windows and Linux provisioning) Port used to communicate to the RSCD agent on a managed target server after it is provisioned. Note: After modifying the RSCD agent listening port, you must restart both the agent and the Application Server.
9831	TCP	Provisioning Client	Application Server	Required port. By default, the Application Server uses this port for SSL communication. (Provisioning) The provisioning process explicitly uses this port. Bare metal target servers use this port to communicate back to the Application Server (Provisioning Server).

¹ The PXE server binds to port 67, a port that the DHCP server normally uses. However, PXE clients broadcast a DHCPDISCOVER packet with PXE-specific information to port 67. This communication enables the PXE server running on that port to identify the PXE client and initiate the provisioning process. For this reason, provisioning uses the same ports as the DHCP server.

RSCD Agent ports

The following table lists the TCP/UDP ports used by the BMC Server Automation RSCD Agents.

Port	Protocol	From	To	Notes
4750⁺	TCP	BMC Server Automation Application Server	RSCD Agent (Managed Server)	Default port for all communication from application server to agent
139	TCP	BMC Server Automation Application Server	Target Windows Server	netbios port for Agent Installer Job/psexec
445	TCP	BMC Server Automation Application Server	Target Windows Server	microsoft-ds port for Agent installer job/psexec
22^*	TCP	BMC Server Automation Application Server	Target UNIX Server	ssh,scp port for Agent installer job (file copy and command execution)
23^*	TCP	BMC Server Automation Application Server	Target UNIX Server	telnet port for Agent installer Job (command execution)
20,21^*	UDP	BMC Server Automation Application Server	Target UNIX Server	ftp port for Agent Installer Job (file copy)
139	TCP	Windows RSCD Agent / Managed Server	CIFS/SMB Share	for AGENT_MOUNT deploy types
445	TCP	Windows RSCD Agent / Managed Server	CIFS/SMB Share	for AGENT_MOUNT deploy types
NFS ports	TCP/UDP	RSCD Agent / Managed Server	NFS Share	for AGENT_MOUNT deploy types

⁺The RSCD Agent is registered with port 5750 with IANA, but the default port is 4750 (listed as ssad in most UNIX /etc/services files).^* For the UNIX agent installer, use either ssh or ftp/telnet to run the agent installer. Only the ports for the specific method of install need to be open.

Remote facility ports

The following table lists the TCP/UDP ports used by BMC Server Automation for remote facility communications (SOCKS, Repeater).

Port	Protocol	From	To	Notes
7717	TCP	Certificate Manager	BMCCM Tuner	Usually local traffic only
4750	RSCD (TCP)	Application Server	RSCD Agent	Primary communication channel from Application Server to each managed host. Note: After modifying the RSCD agent listening port, you must restart both the agent and the Application Server.

External Authentication ports

The following table lists the TCP/UDP ports used in the communication with external authentication sources.

Port	Protocol	Authentication Type	From	To	Notes
88	TCP & UDP	ADK, Domain Authentication	Application Server (and client system for ADK)	Windows Domain Controller/KDC	For ADK, because a Kerberos ticket is required, the client system must also be able to access the Domain Controller/KDC.
389	TLS/TCP	LDAP (LDAP + Start TLS)	Application Server	LDAP Server
80/443	HTTP/HTTPS (TCP)	PKI	Application Server	OCSP server	Application Server needs access to the OCSP responder if OCSP is enabled.
5500	UDP	RSA	Application Server	RSA Server

Page tree